X-Git-Url: http://git.samba.org/samba.git/?p=sfrench%2Fsamba-autobuild%2F.git;a=blobdiff_plain;f=source4%2Fsmb_server%2Fsmb2%2Ffileio.c;h=497a6c531b2149f13eee9b73cca323407c7644d9;hp=a5fc3d826876ac4cd3f75949317bac392c49a629;hb=7c807de6b87a57352fe408d27b32c217523a95cd;hpb=39ee38d9c1aabf4db065b433d067d0da053d7d61

diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c
index a5fc3d82687..497a6c531b2 100644
--- a/source4/smb_server/smb2/fileio.c
+++ b/source4/smb_server/smb2/fileio.c
@@ -21,19 +21,35 @@
 #include "libcli/smb2/smb2.h"
 #include "libcli/smb2/smb2_calls.h"
 #include "smb_server/smb_server.h"
-#include "smb_server/service_smb_proto.h"
 #include "smb_server/smb2/smb2_server.h"
 #include "ntvfs/ntvfs.h"
+#include "libcli/raw/raw_proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
 
 static void smb2srv_create_send(struct ntvfs_request *ntvfs)
 {
 	struct smb2srv_request *req;
 	union smb_open *io;
+	DATA_BLOB blob;
 
 	SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_open);
-	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x58, true, io->smb2.out.blob.length));
 
-	SSVAL(req->out.body,	0x02,	io->smb2.out.oplock_flags);
+	/* setup the blobs we should give in the reply */
+	if (io->smb2.out.maximal_access != 0) {
+		uint32_t data[2];
+		SIVAL(data, 0, 0);
+		SIVAL(data, 4, io->smb2.out.maximal_access);
+		SMB2SRV_CHECK(smb2_create_blob_add(req, &io->smb2.out.blobs,
+						   SMB2_CREATE_TAG_MXAC, 
+						   data_blob_const(data, 8)));
+	}
+	
+
+	SMB2SRV_CHECK(smb2_create_blob_push(req, &blob, io->smb2.out.blobs));
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x58, true, blob.length));
+
+	SCVAL(req->out.body,	0x02,	io->smb2.out.oplock_level);
+	SCVAL(req->out.body,	0x03,	io->smb2.out.reserved);
 	SIVAL(req->out.body,	0x04,	io->smb2.out.create_action);
 	SBVAL(req->out.body,	0x08,	io->smb2.out.create_time);
 	SBVAL(req->out.body,	0x10,	io->smb2.out.access_time);
@@ -42,9 +58,9 @@ static void smb2srv_create_send(struct ntvfs_request *ntvfs)
 	SBVAL(req->out.body,	0x28,	io->smb2.out.alloc_size);
 	SBVAL(req->out.body,	0x30,	io->smb2.out.size);
 	SIVAL(req->out.body,	0x38,	io->smb2.out.file_attr);
-	SIVAL(req->out.body,	0x3C,	io->smb2.out._pad);
+	SIVAL(req->out.body,	0x3C,	io->smb2.out.reserved2);
 	smb2srv_push_handle(req->out.body, 0x40, io->smb2.out.file.ntvfs);
-	SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x50, io->smb2.out.blob));
+	SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x50, blob));
 
 	/* also setup the chained file handle */
 	req->chained_file_handle = req->_chained_file_handle;
@@ -57,27 +73,91 @@ void smb2srv_create_recv(struct smb2srv_request *req)
 {
 	union smb_open *io;
 	DATA_BLOB blob;
+	int i;
 
 	SMB2SRV_CHECK_BODY_SIZE(req, 0x38, true);
 	SMB2SRV_TALLOC_IO_PTR(io, union smb_open);
 	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_create_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
 
+	ZERO_STRUCT(io->smb2.in);
 	io->smb2.level			= RAW_OPEN_SMB2;
-	io->smb2.in.oplock_flags	= SVAL(req->in.body, 0x02);
-	io->smb2.in.impersonation	= IVAL(req->in.body, 0x04);
-	io->smb2.in.unknown3[0]		= IVAL(req->in.body, 0x08);
-	io->smb2.in.unknown3[1]		= IVAL(req->in.body, 0x0C);
-	io->smb2.in.unknown3[2]		= IVAL(req->in.body, 0x10);
-	io->smb2.in.unknown3[3]		= IVAL(req->in.body, 0x14);
-	io->smb2.in.access_mask		= IVAL(req->in.body, 0x18);
-	io->smb2.in.file_attr		= IVAL(req->in.body, 0x1C);
+	io->smb2.in.security_flags	= CVAL(req->in.body, 0x02);
+	io->smb2.in.oplock_level	= CVAL(req->in.body, 0x03);
+	io->smb2.in.impersonation_level	= IVAL(req->in.body, 0x04);
+	io->smb2.in.create_flags	= BVAL(req->in.body, 0x08);
+	io->smb2.in.reserved		= BVAL(req->in.body, 0x10);
+	io->smb2.in.desired_access	= IVAL(req->in.body, 0x18);
+	io->smb2.in.file_attributes	= IVAL(req->in.body, 0x1C);
 	io->smb2.in.share_access	= IVAL(req->in.body, 0x20);
-	io->smb2.in.open_disposition	= IVAL(req->in.body, 0x24);
+	io->smb2.in.create_disposition	= IVAL(req->in.body, 0x24);
 	io->smb2.in.create_options	= IVAL(req->in.body, 0x28);
 	SMB2SRV_CHECK(smb2_pull_o16s16_string(&req->in, io, req->in.body+0x2C, &io->smb2.in.fname));
 	SMB2SRV_CHECK(smb2_pull_o32s32_blob(&req->in, io, req->in.body+0x30, &blob));
-	/* TODO: parse the blob */
-	ZERO_STRUCT(io->smb2.in.eas);
+	SMB2SRV_CHECK(smb2_create_blob_parse(io, blob, &io->smb2.in.blobs));
+
+	/* interpret the parsed tags that a server needs to respond to */
+	for (i=0;i<io->smb2.in.blobs.num_blobs;i++) {
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_EXTA) == 0) {
+			SMB2SRV_CHECK(ea_pull_list_chained(&io->smb2.in.blobs.blobs[i].data, io, 
+							   &io->smb2.in.eas.num_eas,
+							   &io->smb2.in.eas.eas));
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_SECD) == 0) {
+			enum ndr_err_code ndr_err;
+			io->smb2.in.sec_desc = talloc(io, struct security_descriptor);
+			if (io->smb2.in.sec_desc == NULL) {
+				smb2srv_send_error(req,  NT_STATUS_NO_MEMORY);
+				return;
+			}
+			ndr_err = ndr_pull_struct_blob(&io->smb2.in.blobs.blobs[i].data, io, NULL,
+						       io->smb2.in.sec_desc,
+						       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				smb2srv_send_error(req,  ndr_map_error2ntstatus(ndr_err));
+				return;
+			}
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_DHNQ) == 0) {
+			io->smb2.in.durable_open = true;
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_DHNC) == 0) {
+			if (io->smb2.in.blobs.blobs[i].data.length != 16) {
+				smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+				return;				
+			}
+			io->smb2.in.durable_handle = talloc(io, struct smb2_handle);
+			if (io->smb2.in.durable_handle == NULL) {
+				smb2srv_send_error(req,  NT_STATUS_NO_MEMORY);
+				return;
+			}
+			smb2_pull_handle(io->smb2.in.blobs.blobs[i].data.data, io->smb2.in.durable_handle);
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_ALSI) == 0) {
+			if (io->smb2.in.blobs.blobs[i].data.length != 8) {
+				smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+				return;				
+			}
+			io->smb2.in.alloc_size = BVAL(io->smb2.in.blobs.blobs[i].data.data, 0);
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_MXAC) == 0) {
+			io->smb2.in.query_maximal_access = true;
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_TWRP) == 0) {
+			if (io->smb2.in.blobs.blobs[i].data.length != 8) {
+				smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+				return;				
+			}
+			io->smb2.in.timewarp = BVAL(io->smb2.in.blobs.blobs[i].data.data, 0);			
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_QFID) == 0) {
+			io->smb2.in.query_on_disk_id = true;
+		}
+	}
+		
+	/* the VFS backend does not yet handle NULL filenames */
+	if (io->smb2.in.fname == NULL) {
+		io->smb2.in.fname = "";
+	}
 
 	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, io));
 }
@@ -100,6 +180,10 @@ static void smb2srv_close_send(struct ntvfs_request *ntvfs)
 	SBVAL(req->out.body,	0x30,	io->smb2.out.size);
 	SIVAL(req->out.body,	0x38,	io->smb2.out.file_attr);
 
+	/* also destroy the chained file handle */
+	req->chained_file_handle = NULL;
+	memset(req->_chained_file_handle, 0, sizeof(req->_chained_file_handle));
+
 	smb2srv_send_reply(req);
 }
 
@@ -128,7 +212,7 @@ static void smb2srv_flush_send(struct ntvfs_request *ntvfs)
 	SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_flush);
 	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, false, 0));
 
-	SSVAL(req->out.body,	0x02,	0);
+	SSVAL(req->out.body,	0x02,	io->smb2.out.reserved);
 
 	smb2srv_send_reply(req);
 }
@@ -136,15 +220,14 @@ static void smb2srv_flush_send(struct ntvfs_request *ntvfs)
 void smb2srv_flush_recv(struct smb2srv_request *req)
 {
 	union smb_flush *io;
-	uint16_t _pad;
 
 	SMB2SRV_CHECK_BODY_SIZE(req, 0x18, false);
 	SMB2SRV_TALLOC_IO_PTR(io, union smb_flush);
 	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_flush_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
 
 	io->smb2.level			= RAW_FLUSH_SMB2;
-	_pad				= SVAL(req->in.body, 0x02);
-	io->smb2.in.unknown		= IVAL(req->in.body, 0x04);
+	io->smb2.in.reserved1		= SVAL(req->in.body, 0x02);
+	io->smb2.in.reserved2		= IVAL(req->in.body, 0x04);
 	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x08);
 
 	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
@@ -161,7 +244,8 @@ static void smb2srv_read_send(struct ntvfs_request *ntvfs)
 
 	/* TODO: avoid the memcpy */
 	SMB2SRV_CHECK(smb2_push_o16s32_blob(&req->out, 0x02, io->smb2.out.data));
-	SBVAL(req->out.body,	0x08,	io->smb2.out.unknown1);
+	SIVAL(req->out.body,	0x08,	io->smb2.out.remaining);
+	SIVAL(req->out.body,	0x0C,	io->smb2.out.reserved);
 
 	smb2srv_send_reply(req);
 }
@@ -171,6 +255,12 @@ void smb2srv_read_recv(struct smb2srv_request *req)
 	union smb_read *io;
 
 	SMB2SRV_CHECK_BODY_SIZE(req, 0x30, true);
+
+	/* MS-SMB2 2.2.19 read must have a single byte of zero */
+	if (req->in.body_size - req->in.body_fixed < 1) {
+		smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
 	SMB2SRV_TALLOC_IO_PTR(io, union smb_read);
 	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_read_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
 
@@ -179,8 +269,11 @@ void smb2srv_read_recv(struct smb2srv_request *req)
 	io->smb2.in.length		= IVAL(req->in.body, 0x04);
 	io->smb2.in.offset		= BVAL(req->in.body, 0x08);
 	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x10);
-	io->smb2.in.unknown1		= BVAL(req->in.body, 0x20);
-	io->smb2.in.unknown2		= BVAL(req->in.body, 0x28);
+	io->smb2.in.min_count		= IVAL(req->in.body, 0x20);
+	io->smb2.in.channel		= IVAL(req->in.body, 0x24);
+	io->smb2.in.remaining		= IVAL(req->in.body, 0x28);
+	io->smb2.in.channel_offset      = SVAL(req->in.body, 0x2C);
+	io->smb2.in.channel_length      = SVAL(req->in.body, 0x2E);
 
 	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
 
@@ -236,7 +329,7 @@ static void smb2srv_lock_send(struct ntvfs_request *ntvfs)
 	SMB2SRV_CHECK_ASYNC_STATUS_ERR(io, union smb_lock);
 	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, false, 0));
 
-	SSVAL(req->out.body,	0x02,	io->smb2.out.unknown1);
+	SSVAL(req->out.body,	0x02,	io->smb2.out.reserved);
 
 	smb2srv_send_reply(req);
 }
@@ -244,20 +337,34 @@ static void smb2srv_lock_send(struct ntvfs_request *ntvfs)
 void smb2srv_lock_recv(struct smb2srv_request *req)
 {
 	union smb_lock *io;
+	int i;
 
 	SMB2SRV_CHECK_BODY_SIZE(req, 0x30, false);
 	SMB2SRV_TALLOC_IO_PTR(io, union smb_lock);
 	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_lock_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
 
 	io->smb2.level			= RAW_LOCK_SMB2;
-
-	io->smb2.in.unknown1		= SVAL(req->in.body, 0x02);
-	io->smb2.in.unknown2		= IVAL(req->in.body, 0x04);
+	io->smb2.in.lock_count		= SVAL(req->in.body, 0x02);
+	io->smb2.in.reserved		= IVAL(req->in.body, 0x04);
 	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x08);
-	io->smb2.in.offset		= BVAL(req->in.body, 0x18);
-	io->smb2.in.count		= BVAL(req->in.body, 0x20);
-	io->smb2.in.unknown5		= IVAL(req->in.body, 0x24);
-	io->smb2.in.flags		= IVAL(req->in.body, 0x28);
+	if (req->in.body_size < 24 + 24*(uint64_t)io->smb2.in.lock_count) {
+		DEBUG(0,("%s: lock buffer too small\n", __location__));
+		smb2srv_send_error(req,  NT_STATUS_FOOBAR);
+		return;
+	}
+	io->smb2.in.locks = talloc_array(io, struct smb2_lock_element, 
+					 io->smb2.in.lock_count);
+	if (io->smb2.in.locks == NULL) {
+		smb2srv_send_error(req, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	for (i=0;i<io->smb2.in.lock_count;i++) {
+		io->smb2.in.locks[i].offset	= BVAL(req->in.body, 24 + i*24);
+		io->smb2.in.locks[i].length	= BVAL(req->in.body, 32 + i*24);
+		io->smb2.in.locks[i].flags	= IVAL(req->in.body, 40 + i*24);
+		io->smb2.in.locks[i].reserved	= IVAL(req->in.body, 44 + i*24);
+	}
 
 	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
 	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, io));
@@ -352,7 +459,7 @@ static void smb2srv_notify_send(struct ntvfs_request *ntvfs)
 		ssize_t len;
 
 		SIVAL(p, 4, io->smb2.out.changes[i].action);
-		len = push_string(global_smb_iconv_convenience, p + 12, io->smb2.out.changes[i].name.s, 
+		len = push_string(p + 12, io->smb2.out.changes[i].name.s, 
 				  blob.length - (p+12 - blob.data), STR_UNICODE);
 		SIVAL(p, 8, len);
 
@@ -399,7 +506,36 @@ void smb2srv_notify_recv(struct smb2srv_request *req)
 	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_notify(req->ntvfs, io));
 }
 
+static void smb2srv_break_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_lock *io;
+
+	SMB2SRV_CHECK_ASYNC_STATUS_ERR(io, union smb_lock);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x18, false, 0));
+
+	SCVAL(req->out.body,	0x02,	io->smb2_break.out.oplock_level);
+	SCVAL(req->out.body,	0x03,	io->smb2_break.out.reserved);
+	SIVAL(req->out.body,	0x04,	io->smb2_break.out.reserved2);
+	smb2srv_push_handle(req->out.body, 0x08,io->smb2_break.out.file.ntvfs);
+
+	smb2srv_send_reply(req);
+}
+
 void smb2srv_break_recv(struct smb2srv_request *req)
 {
-	smb2srv_send_error(req, NT_STATUS_NOT_IMPLEMENTED);
+	union smb_lock *io;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x18, false);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_lock);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_break_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->smb2_break.level		= RAW_LOCK_SMB2_BREAK;
+	io->smb2_break.in.oplock_level	= CVAL(req->in.body, 0x02);
+	io->smb2_break.in.reserved	= CVAL(req->in.body, 0x03);
+	io->smb2_break.in.reserved2	= IVAL(req->in.body, 0x04);
+	io->smb2_break.in.file.ntvfs	= smb2srv_pull_handle(req, req->in.body, 0x08);
+
+	SMB2SRV_CHECK_FILE_HANDLE(io->smb2_break.in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, io));
 }